Data in a database (e.g., relational database) may be organized and stored in database tables. Existing mechanisms for controlling access to a database do not provide a sufficiently broad range of protection for data in database tables. For example, Structured Query Language (SQL) object privileges regulate access based on the type of SQL operation (e.g., select, insert, update, delete, execute) attempted by a user. But SQL operation privileges tend to be overly broad as a user can gain access to all of the data in a database table by invoking one or more permitted SQL operations. By contrast, analytic privileges impose read access limitations on specific subsets of data retrieved by invoking one or more SQL operations permitted under a user's SQL object privileges. Thus, analytic privileges may be unduly restrictive for certain users and/or applications.